I know I’m harping back to my previous comment on this blog bug I would be grateful if someone in the world could answer my question:

“If I did have administrator access and made a mess of the hard drive, surely all that would happen would be an IT support officer would come out and copy a fresh image onto the hard drive of the machine.”

I see this potentially meaning less call outs and possibly the option of solving minor system problems through a phone call.

Thanks

I do stand corrected by Alan C. I did not specifically mention that a solution was being sought. However all I knew at the time was that a call had been logged. An automated response is sent by email confirming this. Staff do not receive any communication as to whether or not the problem is being worked on. We are given a priority rating. (I’ve only ever had low priority against my calls. How does a call becoming medium or even still high priority?) We all know that solutions are being worked towards as we have great faith in our IT support staff. I presumed that people would also know that IT support staff would be seeking a solution to the problem and was wrong to do this. I was definitely not trying to be misleading in any way. I presume that Alan C is not accusing me of this. I was unaware that a solution was close to fruition! Again a failing of cyber communication possibly.

I’m glad that Alan C and Robert sorted out the reconfiguring/registering issue as I am not asking to configure hardware. I am asking to register it. (press a button!) This would take about the same time as recalibrating my board, which I have to do from time to time.

I am glad a solution has been found and can’t wait to try it out. I will also actively promote the use of the slate in schools across East Lothian by networking with my maths colleagues. We do need to get value for money on the last 6 months of manufacturers warranty after all.

However I also asked the following in my previous post:

“If I did have administrator access and made a mess of the hard drive, surely all that would happen would be an IT support officer would come out and copy a fresh image onto the hard drive of the machine.”

I see this potentially meaning less call outs and possibly the option of solving minor system problems through a phone call.

Am I barking up the wrong tree here?

Personally I don’t think this is very good and hopefully the next version of the software will allow the settings to be saved on each PC.

My apologies for misleading people with my earlier post.

As has been stated the slates will currently only work on one computer and need to be reconfigured whenever they are moved to another classroom. We all agree this is a less than ideal situation. However what Craig failed to mention in his comment was that he is aware IT staff have been trying to find a resolution to this problem. We have been working with Promethean (the suppliers) and on Friday they provided a fix which unfortunately didn’t work. However it gave us enough pointers to enable us to tweak it and we have now managed to get it working. We will be rolling it out over the next week or so.

If we had followed Craig’s suggestion then he (and presumably colleagues in each of the other schools) would be re-configuring the slate every time it was used in a different classroom.

I know which approach I prefer.

So, anonymous posting is fine, for now, provided we are polite and constructive. I do, of course, retain the right to remove comments from my blog in an entirely abitrary manner whenever the whim takes me
Craig, in case anyone is wondering, works in the next-but-one room to mine. I’m always up for a pint Craig!

Douglas and Craig both raise interesting points that someone may wish to address.

Paul - I hear what you’re saying, and understand that sometimes users have the naive notion that they should have the same freedom on a company machine that they have on their home computer. That is clearly not practical. But there is a middle ground between total lock-down and full admin rights for all users. There are local authorities in Scotland that allow teachers to install software on their machines. They have not experienced meltdown.

On a Linux/unix machine, it is indeed true that if you are not running as “root” - the equivalent of the administrator account - then you can’t do any damage to anyone apart from yourself. Unfortunately windows is not so well designed. Non-privileged users on a windows machine can get viruses and worms - here’s a quote from windowsnetworking.com:

Sure, if you’re logged on as Administrator and you browse the web and come across some nasty site and download a virus, that virus gains control of your system using your own credentials i.e. administrator. And if you were an ordinary user and browsed that same site, the virus would only have limited access (the level of privileges of a domain user) on your system so the potential damage would be mitigated. But actually it’s more complex than this. After all, if the malware you download is a worm that exploits a weakness in a Windows service, then it really doesn’t matter what account you’re currently logged on as.

We spend thousands of pounds a year, I would guess, on anti-virus software for all of our desktop machines and for our servers. What is the point of this expenditure, if not to allow us to be a bit more relaxed about what we allow to happen on some of our machines?

I return to the simple point I have made repeatedly throughout this discussion. IT support guys say that more freedom for teachers would increase support costs and compromise security. Teachers think that more freedom for teachers would decrease support costs and improve the learning and teaching environment. The only way to find out who is right is to try it out. So why don’t we? No one has answered that question.

I’d like to mention a specific example to finish. We are using an excellent open source geometry package in North Berwick called Geogebra. It’s a Java based thing that doesn’t need to be installed - it just runs within java. This software has been very popular with senior classes, and is used on a regular basis. It has undoubtedly enriched the learning environment. If this had been an Open Source package that required installation, we would almost certainly not have bothered going through the rigmarole of putting in a job request (for one machine to begin with no doubt), waiting a week or two, checking it out then putting in another job request to have it installed on the remaining machines. I’m not saying that the logical conclusion to this is that we should have full admin rights. I’m not even saying that I know what the solution is. I’m just saying that we need to be aware that there is a cost attached to the lack of agility in our current setup. A cost in terms of lost chances to improve the learning and teaching environment.

To be honest, I think that this debate may be rendered redundant by the growth of Web2.0 - provided the web filters can avoid blocking Web2.0 applications we will increasingly find the freedom we seek within the borders of our browsers, and the desktop will matter less and less. In East Lothian we are fortunate that so far the main Web2.0 applications continue to be accessible - given the enlightened attitude of our Head of Education, I’m sure that this will continue to be the case.

I would like to extend the issues raised in “A Slacker’s” post which was unfortunately removed from this blog. In his post “A Slacker” mentioned that installing updates to software without them being fully tested by the IT department could cause potential security risks. What I would like to cover here is the potential for unwanted programs to become installed on council computers. The programs that I am talking about are commonly known as spyware, malware or virus; Unwanted programs that silently install themselves when someone browses to an infected website.

The reason that malicious programs like these have remained reasonably unheard of in most workplaces is because of the tight control that IT departments keep over computer equipment and the ability to install software. If a user does not have the right to install software then there is no way that a virus or other malicious program is going to be able to install itself.
The restricted user policy also protects IT equipment if a virus does become installed on a workplace computer. As all processes running on a computer run with the same access rights as the user that started them, when a limited user runs a program it can only access what they can access. This means that if the user cannot access the C drive a virus running on the computer will not be able to either. It is therefore best practise that NO ONE logs on as an administrator unless they are performing an administrative task. That includes IT staff.

When looking at granting administrative rights to ‘normal’ users there is much more to consider than first meets the eye. Someone mentioned earlier that they thought their IT department didn’t trust them with administrative rights. The chances are it’s not you they don’t trust, it’s all the virus writers and potentially unsafe programs that are the real cause for concern.

I am not sure if what I have written will make much sense to anyone who doesn’t have a background in IT. If anyone wishes to clarify what I have written please feel free.

If you would like to read what “A Slacker” had to say the original post can now be found here